+ //path could be a relative fragment (ie /portal/site/abc), if so, create full url and check

+ String fullUrl = pathDecoded;

+ if(StringUtils.startsWith(pathDecoded, "/")) {

+ fullUrl = serverUrl + pathDecoded;

+ log.debug("Path: "+ pathDecoded +", full URL: "+ fullUrl);

+ }

+

+ //now have full url so check they start with the same value. otherwise it is external and it should be blocked.

+ if(!StringUtils.startsWith(fullUrl, serverUrl)) {

+ log.error("Attempted to shorten:"+ pathDecoded +", but this does not have the same prefix as the current server: "+ serverUrl);

+ thrownewEntityException("Couldn't shorten URL as external URLs are not permitted. The path parameter must contain either a relative path or a full URL that is for the same host.", path, HttpServletResponse.SC_FORBIDDEN);
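Review bot: The same-host test on the `if(!StringUtils.startsWith(fullUrl, serverUrl))` line compares raw string prefixes, so unless serverUrl is guaranteed to end with a `/`, a full URL whose authority merely begins with the server's host text (a longer hostname, or a userinfo component) would still pass and be shortened. Comparing parsed components is stricter: `URI target = new URI(fullUrl); URI server = new URI(serverUrl);`, then a case-insensitive match on scheme and host plus an equality check on port, returning the same SC_FORBIDDEN when parsing fails or the host is null. The `log.debug` and `log.error` calls also concatenate the request-supplied pathDecoded into the message, so stripping CR/LF from it before logging would keep entries from being forged. The `if` block opened here closes outside the visible lines and serverUrl is assigned earlier, so its exact form cannot be confirmed from this excerpt.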